What is CVE-2026-34774?

CVE-2026-34774 is a high-severity vulnerability in Electron, classified under Use After Free. CVSS score: 8.1/10. Published 2026-04-03.

How severe is CVE-2026-34774?

High severity. CVSS v3 base score is 8.1 out of 10.

Use After Free in Electron

CVE-2026-34774

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulner…

Vulnerability class: Use-After-Free

EPSS: 0.000 (5.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Electron — versions < 39.8.1, >= 40.0.0-alpha.1, < 40.7.0, >= 41.0.0-alpha.1, < 41.0.0

Weakness classification (CWE)

CWE-416 — Use After Free

References

https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-34774?: CVE-2026-34774 is a high-severity vulnerability in Electron, classified under Use After Free. CVSS score: 8.1/10. Published 2026-04-03.
How severe is CVE-2026-34774?: High severity. CVSS v3 base score is 8.1 out of 10.